Abstract

DDoS attacks aim to deny legitimate users access to services. In this paper, the authors introduce a dual-level attack detection (D-LAD) scheme for defending against DDoS attacks. At the higher, coarse level, the macroscopic level detectors (MaLAD) attempt to detect congestion-inducing attacks which cause an apparent slowdown in network functionality. At the lower, fine level, the microscopic level detectors (MiLAD) detect sophisticated attacks that cause network performance to degrade gracefully and stealth attacks that remain undetected in the transit domain and do not impact the victim. The response mechanism then redirects the suspicious traffic of anomalous flows to a honeypot trap for further evaluation. It selectively drops the attack packets and minimizes collateral damage in addressing the DDoS problem. Results demonstrate that this scheme is very effective and provides a much-demanded solution to the DDoS problem.

Traffic Feature Selection

DDoS attacks are launched from distributed sources, so the attack traffic is spread across multiple links. As the distance from the victim increases, attack traffic is more diffused and harder to detect because the volume of attack flows is indistinguishable from that of legitimate flows. Current schemes for early attack detection are based on detecting aggregates causing sustained congestion on communication links (Ioannidis & Bellovin, 2002; Mahajan et al., 2001), imbalance between incoming and outgoing traffic volume on routers (Carl et al., 2005) and probabilistic packet marking techniques. Unfortunately, these early detection methods have to wait for the flooding to become widespread; consequently, they are ineffective at fencing off DDoS attacks in time.
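The diffusion effect described above can be seen by running one in/out imbalance detector at routers progressively farther from the victim. This is an added example, not code from the paper and not the D-LAD scheme: the k-sigma ratio detector, the uniform fan-out topology and all traffic figures are constructed assumptions.

```python
from statistics import mean, pstdev

JITTER = [0, 300, -200, 100, -300, 200, -100]  # constructed background noise (pkts)

def first_alert(ratios, train=5, k=3.0, sustain=2):
    """Index of the first window where the in/out packet ratio has stayed more
    than k sigma above its training baseline for `sustain` windows, else None."""
    base = ratios[:train]
    limit = mean(base) + k * max(pstdev(base), 0.01)  # floor for a flat baseline
    run = 0
    for w in range(train, len(ratios)):
        run = run + 1 if ratios[w] > limit else 0
        if run >= sustain:
            return w
    return None

def router_ratios(hop, fanout=4, windows=20, onset=5, ramp=2000):
    """Constructed in/out ratio series for one router `hop` hops from the victim.
    Assumptions: uniform fan-out tree, flood split evenly over fanout**hop routers,
    transit routers carrying proportionally more unrelated (balanced) traffic."""
    scale = hop + 1
    share = ramp / fanout ** hop          # flood growth per window seen here
    series = []
    for w in range(windows):
        pkts_in = scale * (20000 + JITTER[w % 7])
        pkts_out = scale * (20000 + JITTER[(w + 3) % 7])
        attack = max(0, w - onset + 1) * share   # inbound only, no replies
        series.append((pkts_in + attack) / pkts_out)
    return series

def detection_by_hop(max_hop=3):
    """Map hop distance -> window of first alert (None = never within the trace)."""
    return {h: first_alert(router_ratios(h)) for h in range(max_hop + 1)}

if __name__ == "__main__":
    for hop, window in detection_by_hop().items():
        print(f"hop {hop}: first alert at window {window}")
```

With the flood starting at window 5, the router at the victim's edge alerts at window 6, the router one hop upstream only at window 11, and routers two or more hops away never alert within the 20-window trace.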